Loading...
 

Servidor r.tiki.org - 2018

To be migrated from Ubuntu 12.04 & Tiki12 in a separate VM that UEB is paying in Dimensis, to an
Ubuntu 14.04 VM within the http://ueb.vhir.org/Servidor+remot+uebvhir.org
Rescued (after the apparent sudden discontinuation of uebvhir.org domain and VM, noticed today Xavi ) into cloud.seeds4c.org (VM seed04.seeds4c.org )
Done by Xavier during May'2018.
VM 104
hostname: seed04
OS: Ubuntu 16.04 LTS 64bits
IP: 51.254.10.187
MAC Address: 02:00:00:cb:34:be
cpu: 4
RAM: 4 Gb
Hard DIsk: 45 Gb
Intended use: R 3.x & Tiki 18.x & PluginR
standard iso or image for this OS

http://r.dimensis.com (currently serving pages as https://r.tiki.org )
https://r.uebvhir.org (domain lost as of May 2018)
(and also to test new tiki versions: nextr.seeds4c.org )

1.1. Introduction

See former setup (as of 2015): http://ueb.vhir.org/Servidor+r.dimensis.com+-+r.tiki.org

Server to host examples of PluginR applications, how to master Tiki + PluginR + R to create custom CMS's which include Web interfaces for R packages and scripts.

This is no more based on ISPConfig. It was up to 2018-05, when hosted by a virtual machine from VHIR UEB, but that was discontinued at some point in May 2018.

See:

1.2. Setup ssl from *.tiki.org


Place files from /etc/apache2/ssl/ in the former server to the new server in the same place. Take them from the serverfiles*.tgz from the custom backups taken weekly and stored by lftp in my own backups server.

Then update those ssl file localtions in the apache configuration files for the virtual domain names:

Content to add at /etc/apache2/sites-available/r.tiki.org-ssl.conf
SSLCertificateFile /etc/apache2/ssl/star.tiki.org.pem
        SSLCertificateKeyFile /etc/apache2/ssl/star.tiki.org.key
        SSLCaCertificateFile /etc/apache2/ssl/gd_bundle.crt
        BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0


Full file:

Content to add at /etc/apache2/sites-available/r.tiki.org-ssl.conf
<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerAdmin xavi@tiki.org
                ServerName r.tiki.org

                DocumentRoot /var/www/html
                <Directory /var/www/html/>
                        Options Indexes FollowSymlinks MultiViews
                        AllowOverride All
                        Require all granted
                </Directory>

                # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
                # error, crit, alert, emerg.
                # It is also possible to configure the loglevel for particular
                # modules, e.g.
                #LogLevel info ssl:warn

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined

                # For most configuration files from conf-available/, which are
                # enabled or disabled at a global level, it is possible to
                # include a line for only one particular virtual host. For example the
                # following line enables the CGI configuration for this host only
                # after it has been globally disabled with "a2disconf".
                #Include conf-available/serve-cgi-bin.conf

                #   SSL Engine Switch:
                #   Enable/Disable SSL for this virtual host.
                SSLEngine on

                #   A self-signed (snakeoil) certificate can be created by installing
                #   the ssl-cert package. See
                #   /usr/share/doc/apache2/README.Debian.gz for more info.
                #   If both key and certificate are stored in the same file, only the
                #   SSLCertificateFile directive is needed.

                #   Server Certificate Chain:
                #   Point SSLCertificateChainFile at a file containing the
                #   concatenation of PEM encoded CA certificates which form the
                #   certificate chain for the server certificate. Alternatively
                #   the referenced file can be the same as SSLCertificateFile
                #   when the CA certificates are directly appended to the server
                #   certificate for convinience.
                #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt

                #   Certificate Authority (CA):
                #   Set the CA certificate verification path where to find CA
                #   certificates for client authentication or alternatively one
                #   huge file containing all of them (file must be PEM encoded)
                #   Note: Inside SSLCACertificatePath you need hash symlinks
                #                to point to the certificate files. Use the provided
                #                Makefile to update the hash symlinks after changes.
                #SSLCACertificatePath /etc/ssl/certs/
                #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt

                # Files for *.tiki.org domains
                SSLCertificateFile /etc/apache2/ssl/star.tiki.org.pem
                SSLCertificateKeyFile /etc/apache2/ssl/star.tiki.org.key
                SSLCaCertificateFile /etc/apache2/ssl/gd_bundle.crt
                BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0


                #   Certificate Revocation Lists (CRL):
                #   Set the CA revocation path where to find CA CRLs for client
                #   authentication or alternatively one huge file containing all
                #   of them (file must be PEM encoded)
                #   Note: Inside SSLCARevocationPath you need hash symlinks
                #                to point to the certificate files. Use the provided
                #                Makefile to update the hash symlinks after changes.
                #SSLCARevocationPath /etc/apache2/ssl.crl/
                #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl

                #   Client Authentication (Type):
                #   Client certificate verification type and depth.  Types are
                #   none, optional, require and optional_no_ca.  Depth is a
                #   number which specifies how deeply to verify the certificate
                #   issuer chain before deciding the certificate is not valid.
                #SSLVerifyClient require
                #SSLVerifyDepth  10

                #   SSL Engine Options:
                #   Set various options for the SSL engine.
                #   o FakeBasicAuth:
                #        Translate the client X.509 into a Basic Authorisation.  This means that
                #        the standard Auth/DBMAuth methods can be used for access control.  The
                #        user name is the `one line' version of the client's X.509 certificate.
                #        Note that no password is obtained from the user. Every entry in the user
                #        file needs this password: `xxj31ZMTZzkVA'.
                #   o ExportCertData:
                #        This exports two additional environment variables: SSL_CLIENT_CERT and
                #        SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
                #        server (always existing) and the client (only existing when client
                #        authentication is used). This can be used to import the certificates
                #        into CGI scripts.
                #   o StdEnvVars:
                #        This exports the standard SSL/TLS related `SSL_*' environment variables.
                #        Per default this exportation is switched off for performance reasons,
                #        because the extraction step is an expensive operation and is usually
                #        useless for serving static content. So one usually enables the
                #        exportation for CGI and SSI requests only.
                #   o OptRenegotiate:
                #        This enables optimized SSL connection renegotiation handling when SSL
                #        directives are used in per-directory context.
                #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>

                #   SSL Protocol Adjustments:
                #   The safe and default but still SSL/TLS standard compliant shutdown
                #   approach is that mod_ssl sends the close notify alert but doesn't wait for
                #   the close notify alert from client. When you need a different shutdown
                #   approach you can use one of the following variables:
                #   o ssl-unclean-shutdown:
                #        This forces an unclean shutdown when the connection is closed, i.e. no
                #        SSL close notify alert is send or allowed to received.  This violates
                #        the SSL/TLS standard but is needed for some brain-dead browsers. Use
                #        this when you receive I/O errors because of the standard approach where
                #        mod_ssl sends the close notify alert.
                #   o ssl-accurate-shutdown:
                #        This forces an accurate shutdown when the connection is closed, i.e. a
                #        SSL close notify alert is send and mod_ssl waits for the close notify
                #        alert of the client. This is 100% SSL/TLS standard compliant, but in
                #        practice often causes hanging connections with brain-dead browsers. Use
                #        this only for browsers where you know that their SSL implementation
                #        works correctly.
                #   Notice: Most problems of broken clients are also related to the HTTP
                #   keep-alive facility, so you usually additionally want to disable
                #   keep-alive for those clients, too. Use variable "nokeepalive" for this.
                #   Similarly, one has to force some clients to use HTTP/1.0 to workaround
                #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
                #   "force-response-1.0" for this.
                # BrowserMatch "MSIE [2-6]" \
                #               nokeepalive ssl-unclean-shutdown \
                #               downgrade-1.0 force-response-1.0

        </VirtualHost>
</IfModule>

1.3. Domain r.tiki.org updated

Got user and pass at clipperz tikiadmin account, to modify the tiki.org subdomain r.tiki.org to use the new server ip here:
https://manage.dynect.net/login/


1.4. Add R & java repos

Command in a terminal on the server
sudo add-apt-repository ppa:marutter/rrutter
sudo apt-get update
sudo apt-get dist-upgrade

1.5. Add system R packages

Besides the usual, you can install these extra ones:

sudo apt-get install libdbd-mysql libmysqlclient-dev r-cran-rmysql libcurl4-openssl-dev libssl-dev

1.6. Tweak Java install

# Install Java extra packages
sudo apt-get install openjdk-7-jdk openjdk-7-jre-*
# Reconfigure Java in your system
sudo R CMD javareconf
# Choose Java openjdk-7 if you have more than one java install
sudo update-alternatives --config java
# Install rJava system package
sudo apt-get install r-cran-rjava

1.7. Update packages

Command in a terminal on the server
sudo su - -c "R -q -e \"update.packages(ask=F, repos='http://cran.rstudio.com/')\""

1.8. Install new packages

For instance, "tm" (needed for WordCloud type of charts), which was not available in R < 3.1, and Ubuntu 14.04 came with 3.0.x in it's default repositories.

Command in a terminal on the server
sudo su - -c "R -q -e \"install.packages('tm', repos='http://cran.rstudio.com/')\""


CairoDevice requires an special command with "no test load" on a server without the X windows:

Command in a terminal on the server
sudo su - -c "R -q -e \"install.packages('cairoDevice', INSTALL_opts='--no-test-load', repos='http://cran.rstudio.com/')\""

1.9. Install R Studio server

Command in a terminal on the server
sudo apt-get install gdebi-core
wget https://download2.rstudio.org/rstudio-server-0.99.902-amd64.deb
sudo gdebi rstudio-server-0.99.902-amd64.deb


To access it:
http://r.uebvhir.org:8787/

See also:
http://www.rstudio.com/ide/docs/server/getting_started

1.9.1. Install new php versions and switch between them

See: https://launchpad.net/~ondrej/+archive/ubuntu/php
It has php 5.5, 5.6, 7.0 etc.

commands in a terminal
sudo su
add-apt-repository ppa:ondrej/php
apt-get update
apt-get install php7.0 php5.6 php5.6-mysql php-gettext php5.6-mbstring libapache2-mod-php5.6 libapache2-mod-php7.0 php5.6-curl php5.6-gd php5.6-mcrypt php5.6-xml php5.6-xmlrpc libphp5.6-embed libphp7.0-embed php-memcache php5.6-intl php5.6-zip php7.0-curl php7.0-zip php7.0-xml php7.0-intl php7.0-mcrypt php7.0-mysql php7.0-mbstring php7.0-opcache php-apcu
exit


Installing both php5.6 & php7.0 might result in a lot of complaining from apt and lots of conflicts. The first suggested resolution was to remove all the stock php5 packages so that PHP 5.6 could be installed - so I just accepted the first suggestion.

The config files are all in /etc/php/5.6 and /etc/php/7.0 respectively - inside here is where you can configure which extensions are loaded, set the ini settings, and everything else for each version in isolation.

So to switch from php 5.6 to php 7.0 you need to do two things:

# For php in web apps
user@computer:/# sudo a2dismod php5.6; sudo a2enmod php7.0; sudo service apache2 restart
# For php-cli in the command line
user@computer:/# sudo ln -sfn /usr/bin/php7.0 /etc/alternatives/php
user@computer:/# php -v
# PHP 7.0.6-1+donate.sury.org~xenial+1 (cli) ( NTS )
# Copyright (c) 1997-2016 The PHP Group
# Zend Engine v3.0.0, Copyright (c) 1998-2016 Zend Technologies
#    with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies
#    with Xdebug v2.4.0, Copyright (c) 2002-2016, by Derick Rethans
user@computer:/#


or from php7.0 to php5.6:

# For php in web apps
user@computer:/# sudo a2dismod php7.0 ; sudo a2enmod php5.6 ; sudo service apache2 restart
# For php-cli in the command line
user@computer:/# sudo ln -sfn /usr/bin/php5.6 /etc/alternatives/php
user@computer:/# php -v
# PHP 5.6.21-1+donate.sury.org~xenial+2 (cli) 
# Copyright (c) 1997-2016 The PHP Group
# Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies
#    with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies


From the commandline, I have both php5.6 and php7.0 available as commands. I also still have a php command - look in /etc/alternatives to see that it symlinks to a particular version of PHP cli*. You can also quickly check which yours is using by running php -v.

Remember that php.ini and other files with settings are not in /etc/php5 anymore but in /etc/php/version/

1.10. Setting up the ProfilesTester

Install git, and fetch https://github.com/xavidp/TikiProfilesTester

Setup branches 12.x, 14.x, 15.x, 16.x and trunk under:
/var/www/tikiprofiletests/

Setup one mysql db for each branch (phpmyadmin to the rescue)

And setup cron job to run the script on a weekly basis.

10 0 * * 0 cd /home/xavi/code/TikiProfilesTester/;R CMD BATCH TikiProfilesTester.R

1.11. Setup nextr.tiki.org - nextr.seeds4c.org

Setting up Tiki18 to test r.tiki.org with the new pluginR pre-installed witin Tiki itself.

mpdf/mpdf 7.0.3 installed through Tiki packages (web composer). I had to temporarily set /var/www/tiki18svn/ to 777 to allow web composer to work properly, before reverting back to 755.
Some system packages were missing:

sudo apt-get install php7.0-cgi php7.0-gd



Alias names for this page:
Servidor r.dimensis.com - 2018

Image Seed: noun \ˈsēd\ : the beginning of something which continues to develop or grow

Knowledge seeds

Switch Language